Microsoft's security advisory dated September 17 listed IE 6, 7, 8, 9, 10 and 11 as affected software, but the Fix-it issued two weeks ago claimed, "The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9." However, this IE zero-day has been exploited since as far back as three months ago, on July 1, according to Websense Security Labs.
Attacks exploiting this newest unpatched IE zero-day have been increasing. Last week, the Internet Storm Center raised its threat level from green to yellow due "to increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505.""
Link to Original Source